Data Breach

PayPal Data Breach

35K records exposed • December 2022

Hackers used stolen passwords from other websites to break into PayPal accounts. They got access to very sensitive information like Social Security numbers.

What Happened

PayPal accounts were accessed through credential stuffing, exposing sensitive personal information including SSNs and tax identification numbers.

Attack method: Credential stuffing attack

What Data Was Exposed

Names, Addresses, Social Security numbers, Tax IDs, Dates of birth

Is your business exposed?

What to Do If You're Affected

1.
Change your PayPal password immediately
2.
Enable two-factor authentication
3.
Consider credit freeze if SSN was exposed

Lessons for Businesses

• High-value financial accounts attract credential stuffing
• MFA should be mandatory for financial services
• Sensitive data access should require step-up authentication

Sources

https://www.documentcloud.org/documents/23575158-paypal-data-breach-notice

Related Breaches

North Face 2022, Norton Lifelock 2023

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required